堆栈内存溢出
  简体   繁体   English

驱动程序无法使用安全套接字层 (SSL) 加密与 SQL Server 建立安全连接。 错误:“PKIX 路径构建失败:

[英]The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed:

 原文  2022-03-06 22:47:40       java/ sql/ intellij-idea

问题描述

I'm new to SQL(Microsoft SQL Server Management) and I am trying to connect it with IntelliJ我是 SQL(Microsoft SQL Server Management)的新手,我正在尝试将它与 IntelliJ 连接起来

I am getting the following error: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.我收到以下错误:com.microsoft.sqlserver.jdbc.SQLServerException:驱动程序无法使用安全套接字层 (SSL) 加密与 SQL Server 建立安全连接。 Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".错误:“PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径”。

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

public class MyJDBC {

public static void main(String[] args) {


    String  connectionURL = "jdbc:sqlserver://localhost:10020;databaseName=mydatabase;user=me;password=random_password";
    try {
        System.out.print("Connecting to the server......");
        try (Connection connection = DriverManager.getConnection(connectionURL))   {
            System.out.println("Connected to the Server.");
        }
    }catch (Exception e){
        System.out.println("I am not connected to the Server");
        e.printStackTrace();
    }
}
}

I have this on my lib LIB我的库LIB上有这个

Any help is appreciated it!任何帮助表示赞赏!

2 个解决方案

解决方案1
 9  2022-03-28 17:03:39

Add encrypt=true and trustServerCertificate=true to connection url.encrypt=truetrustServerCertificate=true添加到连接 url。

String  connectionURL = "jdbc:sqlserver://localhost:10020;databaseName=mydatabase;user=me;password=random_password;encrypt=true;trustServerCertificate=true";

Microsoft Blog Reference - link Microsoft 博客参考 - 链接
Find below excerpt from it -在下面找到它的摘录 -

This is an issue in Java Certificate Store.这是 Java 证书存储中的一个问题。 As a quick workaround, if you enable TrustServerCertificate=True in the connection string, the connection from JDBC succeeds.作为一种快速解决方法,如果您在连接字符串中启用 TrustServerCertificate=True,则来自 JDBC 的连接会成功。 When TrustServerCertificate is set to true, the transport layer will use SSL to encrypt the channel and bypass walking the certificate chain to validate trust.当 TrustServerCertificate 设置为 true 时,传输层将使用 SSL 加密通道并绕过证书链来验证信任。 If TrustServerCertificate is set to true and encryption is turned on, the encryption level specified on the server will be used even if Encrypt is set to false.如果 TrustServerCertificate 设置为 true 并打开了加密,则即使 Encrypt 设置为 false,也将使用服务器上指定的加密级别。 The connection will fail otherwise.否则连接将失败。 However, for security considerations, it is not recommended to bypass the certificate validation.但是,出于安全考虑,不建议绕过证书验证。 Hence, to address the issue, follow the steps below to change the connection string and import the required certificates.因此,要解决此问题,请按照以下步骤更改连接字符串并导入所需的证书。

Change the connection string to point to the Java certificate path更改连接字符串以指向 Java 证书路径

String connectionUrl = "jdbc:sqlserver://localhost:1433;" + String connectionUrl = "jdbc:sqlserver://localhost:1433;" + "databaseName=AdventureWorks;integratedSecurity=true;" + String connectionUrl = "jdbc:sqlserver://localhost:1433;" + "databaseName=AdventureWorks;integratedSecurity=true;" + "databaseName=AdventureWorks;integratedSecurity=true;" + "encrypt=true; trustServerCertificate=false;" + "databaseName=AdventureWorks;integratedSecurity=true;" + "encrypt=true; trustServerCertificate=false;" + "encrypt=true; trustServerCertificate=false;" + "trustStore= C:\Program Files\Java\jdk-14.0.2\lib\cacert;trustStorePassword=changeit"; "encrypt=true; trustServerCertificate=false;" + "trustStore= C:\Program Files\Java\jdk-14.0.2\lib\cacert;trustStorePassword=changeit";

Import all the certificates mentioned in this document .导入本文档中提到的所有证书。

Note: To import above certificates into the keystore cacerts, please use below command and please note you must mention truststore and truststore password in the connection string to successfully connect.注意:要将上述证书导入密钥库 cacerts,请使用以下命令,请注意您必须在连接字符串中提及信任库和信任库密码才能成功连接。 Steps to import missing certificates in Java Certificate Store在 Java 证书存储中导入缺失证书的步骤

Download all the certs from here, store them in a location on client host and then use keytool utility to import these certificates into the truststore.从这里下载所有证书,将它们存储在客户端主机上的某个位置,然后使用 keytool 实用程序将这些证书导入信任库。 Please follow the below steps:请按照以下步骤操作:

Save all the certificates from the above MS doc.保存上述 MS doc 中的所有证书。 Keytool utility is in the bin folder of your default Java location (C:\Program Files\Java\jdk-14.0.2\bin). Keytool 实用程序位于默认 Java 位置 (C:\Program Files\Java\jdk-14.0.2\bin) 的 bin 文件夹中。 You need to use command prompt to navigate to that location.您需要使用命令提示符导航到该位置。 Then you can use the keytool command to import the certificate previously saved.然后可以使用 keytool 命令导入之前保存的证书。 When prompted for password insert the key in the password as “changeit”当提示输入密码时,将密码中的密钥作为“changeit”插入

Example of commands:命令示例:

keytool -importcert -trustcacerts -alias TLS1 -file "C:\Users\Documents\Microsoft RSA TLS CA 01.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts" keytool -importcert -trustcacerts -alias TLS1 -file "C:\Users\Documents\Microsoft RSA TLS CA 01.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts"

keytool -importcert -trustcacerts -alias TLS2 -file "C:\Users\Documents\Microsoft RSA TLS CA 02.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts" keytool -importcert -trustcacerts -alias TLS2 -file "C:\Users\Documents\Microsoft RSA TLS CA 02.crt" -keystore "C:\Program Files\Java\jdk-14.0.2\lib\security\cacerts"

解决方案2
 0  2022-10-14 02:46:48

Below worked for me:以下为我工作:

jdbc:sqlserver://Host;trustServerCertificate=true;integratedSecurity=true;authenticationScheme=NTLM

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 驱动程序无法使用安全 Sockets 层 (SSL) 加密建立与 SQL 服务器的安全连接。 错误:“意外重新抛出” - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing" 驱动程序无法使用安全 Sockets 层 (SSL) 加密建立与 SQL 服务器的安全连接。 如何解决这个错误? - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. How to solve this error? 如何修复“驱动程序无法使用安全套接字层 (SSL) 加密与 SQL Server 建立安全连接”错误 - How to fix " The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption" error 驱动程序无法使用安全套接字层(SSL)加密与SQL Server建立安全连接 - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption SQL 服务器 JDBC 错误:驱动程序无法使用安全 Sockets 层 (SSL) 加密与 SQL 服务器建立安全连接 - SQL Server JDBC Error: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption - SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption 驱动程序无法使用 SSL 与 SQL 服务器建立安全连接 - The driver could not establish a secure connection to SQL Server by using SSL 无法使用 MS JDBC 驱动程序从 CentOS 8 服务器连接到 SQL 服务器服务器:使用安全连接 ZEA52C2Z42253C5F99C23Z 错误 - Cannot connect to SQL Server server with MS JDBC Driver from CentOS 8 server: SSL error but not using secure connection 进行SSL连接时,PKIX路径构建失败 - PKIX path building failed while making SSL connection 简单的双向RMI SSL连接,PKIX路径构建失败 - Simple two way RMI SSL Connection, PKIX path building failed
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM